1. Field of the Invention
The present invention relates to computer network security. More specifically, it relates to software and devices for preventing instant messaging malware from sending harmful instant messages over a network.
2. Description of the Related Art
Over the past several years, a technology for communicating over the Internet and other networks known as instant messaging has been adopted by enterprises, businesses, and individuals at a rapid pace and is still growing. Instant messaging (“IM”) is enabled by a program, sometimes referred to as an “IM client,” that allows two or more people to communicate with one another over the Internet in real time. Although most IM communications occur as text, some IM programs also offer streaming audio-visual conferencing and file exchange services. The term “instant messaging” may refer to messages sent by instant messaging, or to the act of sending an instant message.
Companies in nearly all sectors of business are adopting IM at a record pace to improve their information sharing abilities and to decrease the time needed to make business decisions. But the rapid adoption of IM networks by corporate users makes instant messaging a viable vehicle for malicious threats. Real-time communication solutions like IM often create a new attack vector for threats to enter an enterprise network.
Internal enterprise networks (e.g., Intranets, VPNs, etc.) and public IM networks (e.g., those implemented by AOL, Yahoo, MSN Hotmail, GMail, etc.) have all been targets of IM malware, including IM worms and IM BOTS. These threats are fast to propagate and mutate, making them an attractive option for malware authors. As a result, enterprises and the public networks will increasingly require a management tool to control real-time communication and keep IM available, compliant, and secure.
A common form of attack involves a BOT (an automated program that performs or simulates human actions on a computing device and the Internet that may be used to take control of computers, launch attacks, and compromise data) on a computer that uses the IM client on the device to send IMs containing harmful URLs and other content to contacts in the user's address book. It does this by stealing the user name and password of the instant messenger program, login as if it were the user and sends out either malicious URL links or files. These contacts get the IM, see that it is from a known person, open the IM and click on the URL or open attachments, and thereby spread the malware and compromising data on their devices. The contacts receiving the IM may not be able to discern that the IM was created by a BOT on the known person's computer and not by the actual person. While many users have become educated over the years about the dangers of opening e-mails and attachments that they are not sure about, this level of caution has not yet been embedded in the IM user community.